There has been a need for some time for an easy-to-use encryption product (e.g., for mainframe computers). In particular, tape data that leaves the secure confines of a data center would benefit from an easy-to-use encryption mechanism.
Some have stored an encrypted copy of an encryption key within the first block of the data being encrypted. Some other encryption products rely strictly on manual processes to keep track of which key needs to be used to read which tapes. Another non-mainframe product that stores an encrypted copy of the key on the tape stores the key in a data header-block. The first block of data written by the application and for use by the application reading the data contains information including the encryption key.
Other products allow data to be copied from tape (or disk) to another tape in an encrypted form. So, if an application writes a two-volume tape file, then the application can copy that file (or files) to another two-volume tape file in an encrypted form. Then, to read the data at (e.g., a disaster recovery location or at the receiving data center), the encrypted two-volume tape file has to be re-copied and un-encrypted back onto a two-volume tape file that is not encrypted. Then, the application can read the un-encrypted two-volume tape file as input. This means writing the data twice and reading the data twice, as well as keeping track of the file name and relationship between the original data, the encrypted copy, and the un-encrypted copy.